Dear Colleagues and Friends,
Computer technology and the internet have powered countless innovations and advances, but it’s come at the cost of the relatively new threat of cybercrime. Quantifying potential losses from these threats is difficult for insurers, especially when it comes to utilities like power companies. As you’ll read in the accompanying story, UWM researchers have devised ways to more accurately calculate the costs and insurance premiums involved. This could allow utilities to more confidently invest in cybersecurity because they would be better insured against losses at lower premiums. It’s one more example of how our world-class faculty members have made UWM one of America’s top research universities.
Mark A. Mone, PhD
University of Wisconsin-Milwaukee
Understanding the Risk of Cyber Attacks on Utilities
Insurance companies have no trouble setting premiums for their clients’ car insurance policies. Having massive amounts of data available about car models, driver age and more makes gauging the average cost of a car accident relatively easy. But insuring public utilities against losses from cybercrime is quite different.
“Cyber risk is posing challenges to insurance companies because the nature of the risk is not known, and there is no sufficient data collection to support effective statistical analysis,” says Wei Wei, an associate professor of mathematical sciences in the College of Letters & Science. “To make it worse, cyber risk events could cluster and bring a disaster to insurance companies.”
Wei specializes in actuarial science, which leverages mathematical techniques for prediction and risk assessment. Uncertainty about the potential payoff is a reason electric utilities have been slow to invest in cybersecurity efforts, because the latest measures wouldn’t guarantee complete protection. Meanwhile, the threat grows daily, as utilities become increasingly reliant upon streaming operational data to the internet.
Wei and Lingfeng Wang, a professor of electrical engineering in the College of Engineering & Applied Science, are helping utility companies shore up their efforts. With funding from the National Science Foundation, they’re researching ways to quantify potential losses caused by cyberattacks and build a structure for premiums without the benefit of historical information.
Their work confirms that cyber risk events, and thus related losses, can cluster. For example, they’ve found that two utility grids that are physically separated can both be exposed to losses from common cyber threats.
Wang and his students have examined current cybersecurity measures and quantified the effects of a wide range of hacking scenarios. They constructed a probabilistic model that assigns monetary value to damages across the scenarios, and Wei applied actuarial techniques to calculate premiums.
“Cyberinsurance premiums will be high for those with low cybersecurity performance audits, based on our novel actuarial models,” says Wang, who develops quantitative models to evaluate and mitigate emerging risks in public infrastructure. “Conversely, utilities with high cybersecurity efforts will enjoy low premiums.”